I am new to this field and I got a project of pentesting a small medical house. I need a pentesting non-disclosure agreement template so that I can be on the safe side.

The best thing for you to do would be to contact a lawyer or two.
This link will get you started, with some very generic information. Pre-site Inspection
There are a lot of areas that may or may not be affected depending on the scope of the work to be done. Having said that, there may or may not be different rules/laws to pay attention to.
Testing a medical company's patient database will be governed by different rules than, say, an Asterisk VoIP system.

This is a perfect example of why weekend warrior pentesting is not a good idea. Most companies have spent lots of money on their NDAs and it's generally considered a trade secret. If you are unsure of yourself, do those people a favor and hook them up with a real company.

I agree with archangel.amael and purehate. You need to consult a lawyer. Preferably, a lawyer that either specializes in or is familiar with IT and technology. I also recommend (as would the lawyer probably) that you procure E&O insurance before you start your test. That way, if something does go south, you are financially covered.

You state that your test is against a medical establishment. There are various laws and rules specific to this field. In the United States, I recommend that you brush up on HIPAA laws. If you are in another country, they probably have something similar that you should read up on.

Maybe you should take up purehate's recommendation and hook up with a company that has experience doing this. If nothing else, for consultation on how to proceed.